UKFast

Secure Remote Access

UKFast offers cloud-based RAS solutions that offer a secure remote connection for Public Sector organisations and their industry partners to connect back to the office networks, applications and data. The range of solutions includes connectivity for OFFICIAL (including SENSITIVE) with 2-factor authentication, protective monitoring and full end-user support.

Features

  • OFFICIAL/OFFICIAL-SENSITIVE Remote Access Service via Internet, RLI, PSN or HSCN.
  • End-to-end compliance
  • Integrates with EMM
  • 2-Factor Authentication options available
  • Single Sign On for improved User Experience
  • Hassle-free VPN setup
  • Simple Client installation
  • Full End User Support available from Service Desk
  • Protective Monitoring and Security reporting (GPG-13)
  • Predicatable monthly billing

Benefits

  • Available as Cloud Service from existing accredited platforms.
  • Options for connectivity to networks including RLI, PSN and HSCN.
  • UK Sovereignty guaranteed .
  • Software as a Service model reducing infrastructure and maintenance costs.
  • Scalable to meet the changing demands.
  • In Case of Emergency option available to burst capacity.
  • Range of RAS solutions available to meet your specific requirements.
  • Support for accreditation and code of connection where needed.
  • UK-based, ISO-accredited data centres, fully owned and operated by UKFast.

Pricing

£15 to £95 a user a month

  • Education pricing available

Service documents

Framework

G-Cloud 12

Service ID

1 2 9 3 3 4 5 9 7 7 3 5 9 9 0

Contact

UKFast Laurel Mills
Telephone: 0800 923 0601
Email: gcloud@ukfast.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
The provision of the Cloud Software Services includes planned maintenance activities, which are documented within a Service Level Agreement. UKFast works with our customers to ensure that systems are regularly patched and maintained, whilst minimising impact on the user community and business requirements. UKFast works with the customers and the user community of the cloud software to deliver secure and resilient services, balancing the security and functionality that are commensurate with the business requirements
System requirements
End Point Devices to be approved for OFFICIAL use.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Calls are responded to within 3 rings. Service Ticket response time is dependent on the criticality: 1. Critical - Immediate Response 2. High - Response within 10 minutes 3. Medium - Response within 1 hour 4. Low - Response within 4 hours 5. Very Low - Response within 24 hours. The standard SLA response times are applicable from 09:00 to 17:00 Monday to Friday (excluding UK Bank Holidays). 365/24/7 Support is also available as a service at an additional cost.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
All UKFast customers have access to ticket and telephone-based support, unless they choose to take an unmanaged service. Customers have access to a named Account Manager who takes overall responsibility for the customer's commercial, technical and support relationship with UKFast. Customers are assigned a support "pod" based on the type of solution they have with UKFast. This ensures customers will always be supported by the same core team of support engineers who are technical experts in their particular solution. Enterprise and public sector customers also have access to a named Service Manager in addition to their Account Manager.

Standard support is provided 08:00 to 18:00 Monday to Friday and includes 1st line (User support) through to system management, monitoring and administration. Additional support is available to extend the service support to 24/7 at additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Full help documentation available at docs.ukfast.co.uk. Onboarding support is provided by our FASTdesk support engineer team along with solutions architects. We offer services to enable seamless on-boarding and collaborate to design a bespoke solution to meet your requirements. An onboarding process would typically include - Discovery process / Timeline setting / Risk assessment / Implementation process / Quality Assurance
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Access is provided for the customer to extract data, or can be undertaken by UKFast at no additional charge, depending on the method of delivery. Data can be provided as an image of the Virtual Machines, as extracted data or specific formats such as database exports. Where data is to be delivered by UKFast, encrypted portable drives can be provided.
End-of-contract process
UKFast will work with the customer to ensure that the required data, records and audit logs have been extracted and verified before the services are terminated. Data content is then destroyed in accordance with InfoSec Standard 5. The UKFast service support team will assist the customer with communications to the User community about the end of the contract and either the termination or transfer of services. Images of Virtual Machines will be provided to the customer on request to allow the transfer of the services. Where support from UKFast is required beyond the end of the contracted services, for example to support the transition to another provider may incur additional charges.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile Access to the specific software services is supported through the Private Cloud service; the specific support for mobile device access to the software applications varies between the applications.
Service interface
No
API
No
Customisation available
Yes
Description of customisation
Access to the software services is provided via a web-based portal which performs authentication and authorisation to the cloud software services. This portal can be customised to match customer or project branding or to tie in with the application software user interface. The customisable elements of the software services themselves vary between the applications, but UKFast will apply customisations where they are supported. Other elements of the service, such as the reporting and dashboard can also be customised.

Scaling

Independence of resources
Resources can be independently allocated to project User communities to ensure resilience of the service and capacity. Capacity of services are monitored, and customers are informed of changes in demand.

Analytics

Service usage metrics
Yes
Metrics types
Service usage metrics can be defined by the customer to either be provided as on-demand dashboards and/or periodic reports. Typical usage data includes numbers of users per period, peak usage, average usage, heat-map of usage over time and days of the week, bandwidth consumption, volume of data uploaded/downloaded etc.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The export of data is supported and will vary depending upon the software applications being provided. This can include automated exports to external data repositories or specific data exports on request. Some of the applications also provide User driven data export functions.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Database exports
  • Application specific exports
Data import formats
  • CSV
  • ODF
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Each customer is provided with a Service Level Agreement which specifies the availability and response targets. Typical availability is 99.96%, assured by contractual commitment. UKFast offer Service Credits against the guaranteed levels of availability.
Approach to resilience
Resilience of the service is provided throughout the service provision. The Data Centres are classified as a Tier 3 data centre with alternate supply paths for all services to ensure 100% Data Centre uptime. All redundant systems are regularly tested for operation and effectiveness. N+1 Redundant Power Supplies. The Public Sector Dataroom also has additional power connection allowing the entire room to be independently serviced in the event of a catastrophic failure at the site). Redundant Backup Power from Generators and UPS (N+1). 100% carbon neutral, PAS 2060 certified hosting. Carrier Neutral with a range of Tier 1 and 2 carriers. Multihomed internet presentation, means that if 1 carriers Point of Presence fails communications will automatically failover to another. Redundant (N+1) Air Conditioning and Environmental Control. Environmental systems supported by redundant power systems. DR facilities are also available, with secure connectivity provided to replicate data between the production and DR facilities.
Outage reporting
Service outages and planned maintenance activities are communicated via the service web-interface status dashboards and messaging, via email alters and the Service Desk team make contact with agree Points of Contact in order to communicate status and ongoing activities.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Separate accounts are required for Administrative Access, with authentication and authorisation controls applied to all Administrative functions. SSH access to the Virtual machines command line, and RDP sessions requires key-based authentication from a specified source location into a bastion host, which then requires further authentication and account escalation at each onward connection to the specific administrative services.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
LRQA
ISO/IEC 27001 accreditation date
24/06/2019
What the ISO/IEC 27001 doesn’t cover
The processes and procedures agreed within the Risk Managed Accreditation Document Set (RMADS) that have been agreed with the Accreditor in compliance with JSP and MoD policies.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Ultima Risk Management
PCI DSS accreditation date
29/07/2019
What the PCI DSS doesn’t cover
Office network not covered as this has no access to client infrastructure.
Other security certifications
Yes
Any other security certifications
  • Formal Accreditation from MoD (DAIS).
  • Cyber Essentials +
  • SOC 2 - System and Organisation Controls
  • ISO 27017:2015 - Information security controls for cloud services
  • ISO 27018:2019 - Protection of PII in public clouds
  • ISO 22301:2020 - Business continuity management systems
  • Police Assured Server Facility (PASF)

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Formal Accreditation from DAIS, Cyber Essentials, IASME Governance
Information security policies and processes
Security policies and procedures form part of the formal system accreditation by DAIS.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Components of the system are recorded and tracked through their lifetime Every change to a configurable item requires a Change Control Form to be documented and approved. Changes are assessed for potential security impact, and where necessary are communicated to the system Accreditor for approval.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability management processes form part of the Risk Managed Accreditation Document Set (RMADS) which have been reviewed and approved by the DAIS Accreditor. UKFast monitor threat sources, including CERT to gain information about potential threats. Vulnerabilities and Remediation activities are assessed to determine the priority, with patches being applied within the hour for critical security issues through to monthly patching for routine updates.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
UKFast employ protective monitoring services in compliance with Protective Monitoring for HMG ICT systems (GPG-13).
Incident management type
Supplier-defined controls
Incident management approach
Processes for reporting incidents is included within the Risk Managed Accreditation Document Set (RMADS) which includes HMG monitoring departments and points of contact. Users should report incidents to the first line Service Desk team, either by phone, email or via the web-portal. Incident reports are provided as part of the reporting cycle, with exceptional RCA and incident reports provided for security incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • Health and Social Care Network (HSCN)
  • Other
Other public sector networks
MoD RLI

Pricing

Price
£15 to £95 a user a month
Discount for educational organisations
Yes
Free trial available
No

Service documents